Atualização: A Dell reconheceu que o instalador do driver exclui arquivos do usuário. Eles colocaram o driver na lista negra para garantir que ele não seja distribuído para outros sistemas. Para aqueles que já estão enfrentando esse problema, boa sorte em recuperar seus arquivos.
Algumas pessoas, inclusive eu, estão com esse problema. Parece estar relacionado a um instalador de driver Dell Thunderbolt que é executado todos os dias. Eu executei um rastreamento do Sysinternals Process Monitor que prova que esse instalador de driver faz toda a exclusão.
Não sei ao certo por que exclui apenas arquivos de uma pasta específica, mas é minha pasta mais importante que sempre abri no gerenciador de arquivos. Talvez haja alguma interação entre o driver e o explorador de arquivos.
Mais detalhes podem ser encontrados neste tópico da Dell. link
Eu publiquei um detalhamento completo da minha descoberta lá, mas ele está aguardando por um moderador da Dell, então incluí uma cópia abaixo.
Same here, over the last 5 working days (I believe the first time it happened was Thursday, August 17, 2017) it has repeatedly deleted a folder containing 10K+ files that I had to restore from backup every day. A monumental waste of my time.
I got so fed up with my files disappearing that I ran a SysInternals Process Monitor trace and let's just say that I have caught this driver installer with its pants down, this process traverses files under c:\data\dropbox and deletes them all!
Why the installer is running every day is beyond me. Also, why it is only deleting this folder under c:\data and not other ones under c:\data is not clear. The only thing I can think of is that I have this folder ALWAYS open in file explorer.
Other people are reporting similar problems, see Virus / suspicious process deletes many folders and files via various processes name
I had a look at the update of the various Dell update utilities running on my system (why so many). Dell Command Update's history and activity log don't show they have executed anything.
The installer is signed by Dell Inc, I have checked it with virus scanners and it comes through clean.
Dell Support assist shows 'Powered by PC_Doctor', which explains the PCDR in the path of the driver, so my guess is that this schedules the daily update. However, the process ID shown for the parent process (that started the driver installer) is not for a process that is currently running, so I cannot say for sure what started this installer.
Does anyone have any idea about where the log file for this driver installer can be found. I looked in %temp% and c:\windows\temp, but there is nothing there that matches the timestamp.
The Windows Event log shows the following every day
System event log entries (every day at a random time, event ID 7045)
A service was installed in the system.
Service Name: PCDSRVC{3B54B31B-D06B6431-06020200}_0 - PCDR Kernel Mode Service Helper Driver Service File Name: c:\program files\dell\supportassist\pcdsrvc_x64.pkms Service Type: kernel mode driver Service Start Type: demand start Service Account:
as well as
Beginning a Windows Installer transaction: C:\ProgramData\dell\drivers\Chipset_Driver_8J86F_WN32_15.3.39.250_A01\setup.msi. Client Process Id: 16568.
I am happy to delete this problematic file, but my fear is that it will come back an delete files again. As it is impossible to trace what it has deleted over time more and more files will just disappear from my system.
It is pretty clear who is at fault here, now Dell will need to take ownership and sort this out. I am paying for premium support and will contact my Dell support rep.